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Part III DETAILED ACTION 

Specification 

1. A request for continued examination under 37 CFR 1.114, 
including the fee set forth in 37 CFR 1.17(e), was filed in this 
application after final rejection. Since this application is 
eligible for continued examination under 37 CFR 1.114, and the 
fee set forth in 37 CFR 1.17(e) has been timely paid, the 
finality of the previous Office action has been withdrawn 
pursuant to 37 CFR 1.114. Applicant's submission filed on 
12/23/2005 has been entered. Claims 1-35 are presented for 
examination . 

2. Applicant is reminded of the duty to fully disclose 
information under 37 CFR 1.56. 

Rejections - 35 USC §103 

3. The following is a quotation of 35 U.S.C. 103(a) which forms 
the basis for all obviousness rejections set forth in this Office 
action : 

(a) A patent may not be obtained though the invention is not 

identically disclosed or described as set forth in section 
102 of this title, if the differences between the subject 
matter sought to be patented and the prior art are such that 
the subject matter as a whole would have been obvious at the 
time the invention was made to a person having ordinary 
skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which 
the invention was made. 
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4. Claims 1-2, 4-6, 8-10, 12-14, 16-18 and 20-35 are rejected 
under 35 U.S.C. 103(a) as being unpatentable over Bapat et al . , 
hereinafter Bapat (USPN: 6,038,563); in view of David A. Soloman 

(Inside Window NT, Second Edition) , hereinafter Soloman. 

As per claims 1 and 5; Bapat discloses the invention as 
claimed including a system and method for monitoring a registry 
monitoring system comprises requesting (a) a handle for a 
registry key to a calling process and (b) a registry key value 
for the handle is equivalently taught as requesting access to 
specified sets of the managed objects in a control database (e.g. 
see abstract; figures 1-2 and 4-5; column 3, lines 17 et seq.); 
obtaining security clearance to complete the requests is taught 
as an access control server provides access to the managed 
objects in accordance with the access rights specified by the 
access control database (e.g. see abstract, column 3, lines 21 et 
seq.). Bapat, however, does not particularly discloses the 
security clearance parameter is updated by a system command in 
association with one or more of the requests. Soloman discloses 
the missing element that is known to be required in the system 
Bapat in order to arrive at the Applicant's current invention 
wherein Soloman clearly discloses the security clearance 
parameter is updated by a system command in association with one 
or more of the requests (e.g. see page 305, fourth paragraph); 
Soloman further discloses in Discretionary access control list 

(DACL) , each access control entry ACE contains a security ID and 
an access mask wherein two types of ACEs can appear in a DACL, 
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access allowed which grants access to the user and access denied 
which denies the access rights specified in the access mask, the 
accumulation of access rights granted by individual ACEs forms 
the set of access rights granted by an ACL, and if no DACL is 
present in a security descriptor, then the object can be fully 
accessed by everyone; on the other hand, if the DACL is null, 
then no user has access to the object (e.g. see page 311, third 
paragraph; also see pages 312-314) . Accordingly, it would have 
been obvious to one having ordinary skill in the art at the time 
the current invention was made to utilize the teaching of Soloman 
wherein the security clearance parameter is updated by a system 
command in association with one or more of the requests with that 
of Bapat invention. In doing so, it would (a) increase data 
locality, and (b) reduce number of system clock cycles that would 
otherwise require for updating the requests and system command 
separately, thereby increasing system throughput and reducing bus 
traffic or bus utilization, therefore being advantageous. The 
combination of Bapat and Soloman disclose the invention as 
claimed. Noting that Bapat and Soloman discloses the security 
clearance parameter having threshold (limit) being equivalent to 
the permission table parameters/variables embedded in system of 
Bapat wherein it's known that the permission table utilize these 
parameters/ variables in order to define a subset of rows in the 
database tables that are accessible to at least one of the users, 
and the set of database table rows that are accessible 
corresponds to the manage object access rights specified by the 
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access control database (e.g. see Bapat's column 3, lines 32-41). 
The combination of Bapat and Soloman do not particularly disclose 
the parameter threshold being adjustable. Accordingly, it would 
have been further obvious to one having ordinary skill in the art 
at the time the current invention was made to having the security 
clearance parameters be implemented as adjustable as being 
claimed intead of fixed value in order to arrive at the 
Applicant's current invention. By doing so, it would allow the 
system of Bapat and Soloman to serve broader range of 
application, increasing system adaptability, therefore being 
advantageous. (See also MPEP 2144.04 (V) as to why making 
adjustable is not sufficient to distinguish over the prior art) . 

As per claims 2, 4, 6 and 8; Bapat discloses his database 
management system stores the management information (process ID 
and registry key value as being claimed) sent by the information 
transfer mechanism in a set of database tables, wherein each 
database table stores the management information for 
corresponding managed objects in individual rows (e.g. see 
abstract, column 3, lines 26-30); noting that Bapat further 
discloses an access control procedure limits access to the 
management information stored in the database tables using at 
least one permission table (e.g. see column 3, lines 31 et seq.; 
column 26, lines 10 et seq.), wherein a database access engine 
accesses information in the set of database tables using the 
permission table such that each user is allowed access only to 
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management information in the set of database that the user would 
be allowed by the access control data to access (e.g. see column 
3, lines 41-45; column 27, lines 47 et seq.). 

As per claims 9-10, 12, 17-18 and 20, they encompass the 
same scope of invention as to that of claims 1-2, 4; 5-6 and 8 
respectively; the claims are therefore rejected for the same 
reason as being set forth above. 

As per claims 13-14 and 16; the combination of Bapat and 
Soloman discloses the invention as claimed, detailed above with 
respect to claims 1, 5, 9 and 17; Bapat and Soloman however do 
not particularly disclose a computer- readable medium comprising 
computer executable instructions for performing method recited in 
claims 1, 5, 9 and 17. However, one of ordinary skill in the art 
would have recognized that computer readable medium (i.e., 
floppy, cd-rom, etc.) carrying computer-executable instructions 
for implementing a method, because it would facilitate the 
transporting and installing of the method on other systems, is 
generally well-known in the art. For example, a copy of the 
Microsoft Windows operating system can be found on a cd-rom from 
which Windows can be installed onto other systems, which is a lot 
easier that running a long cable or hand typing the software onto 
another system. The examiner takes Official Notice of this 
teaching. Therefore, it would have been obvious to put Bapat and 
Soloman 7 s program on a computer readable medium, because it would 
facilitate the transporting, installing and implementing of Bapat 
and Soloman 7 s program on other systems; therefore being 
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advantageous . 

As per claims 21 and 29; see arguments with respect to 
claims 1, 5 and 13; they encompass the same scope of invention as 
to that of claims 1, 5 and 13; the claims are therefore rejected 
for the same reasons as being set forth above. 

As per claims 22 and 30, the further limitation of denying 
security clearance when at least on security clearance parameter 
is satisfied is taught by Bapat and Soloman (e.g. see Bapat's 
column 3, lines 26-30; and Soloman' s page 311, third paragraph, 
lines 1 et seq. ; page 313 lines 1 et seq.); 

As per claims 23 and 31, wherein said at least one security 
clearance permission is associated with the elapsed time since 
the handle or registry key value has been previously requested 
(e.g. see Soloman' s page 310, first paragraph et seq.); 

As per claims 24 and 32, the further limitation of at least 
one security clearance permission is associated with the number 
of times said handle or registry key value has been previously 
requested is taught by Soloman since Soloman clearly teaches whn 
all the entries in the DACL have been examined, the computed 
granted access mask is returned to the caller as the maximum 
allowed access to the object (e.g. see page 313, 7 th paragraph); 

As per claims 25 and 33, wherein said at least one security 
clearance permission is associated with the date in which the 
handle or registry key value was previously requested (e.g. see 
Soloman' s page 310, first paragraph et seq.); 

As per claims 26 and 34, wherein at least one security 
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clearance permission is associated with the accumulated time the 
handle or registry key value has been previously accessed e.g. 
see Soloman's page 310, first paragraph et seq.; page 313, 7 th 
paragraph et seq.); 

As per claims 27 and 35, wherein said previous access 
includes modifying and deleting keys and values of protected data 
locations (e.g. see Soloman's page 313, first paragraph bridging 
pages 315, line 2) ; 

As per claim 28, the further limitation of the machine- 
readable medium includes at least one device driver is taught and 
embedded in the system of Bapat and Soloman (e.g. see Soloman's 
figure 6-1, page 308) ; 

Allowable subject matter 

5. Claims 3, 7, 11, 15 and 19 are objected to as being 
dependent upon a rejected base claim, but would be allowable if 
rewritten in independent form including all of the limitations of 
the base claim and intervening claims. 

6. Examiner would like to emphasize that the combination of 
Bapat and Soloman specifically disclose the security clearance 
parameter is updated by a system command in association with one 
or more of the requests (e.g. see Soloman's page 305, 4 th 
paragraph et seq.; also see pages 313-314); Soloman further 
discloses in Discretionary access control list (DACL), each 
access control entry ACE contains a security ID and an access 
mask wherein two types of ACEs can appear in a DACL, access 
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allowed which grants access to the user and access denied which 
denies the access rights specified in the access mask, the 
accumulation of access rights granted by individual ACEs forms 
the set of access rights granted by an ACL, and if no DACL is 
present in a security descriptor, then the object can be fully 
accessed by everyone; on the other hand, if the DACL is null, 
then no user has access to the object (e.g. see page 311, third 
paragraph; also see pages 312-314) . 



Conclusion 

7. Any inquiry concerning this communication or earlier 
communications from the examiner should be directed to Tuan V. 
Thai whose telephone number is (571) -272-41287 . The examiner can 
normally be reached from 6:30 A.M. to 4:00 P.M. 

If attempts to reach the examiner by telephone are 
unsuccessful, the examiner's supervisor, Mathew M . Kim can be 
reached on (571) -272-4182. The fax phone number for the 
organization where this application or proceeding is assigned is 
571-273-8300. Information regarding the status of an application 
may be obtained from the Patent Application Information Retrieval 
(PAIR) system. Status information for published applications may 
be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, 
see http://pair-direct.uspto.gov. Should you have questions on 
access to the Private PAIR system, contact the Electronic 
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Business Center (EBC) at 866-217-9197 (toll-free) . 
TVT/March 03, 2006 
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